Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

More data-stealing bloatware found on cheap Android phones

Data including IMEI numbers, MAC addresses, and location info has reportedly been collected by phones sold in developing countries.
By
July 6, 2018
Android-malware
TL;DR
  • Apps pre-installed on phones sold in developing countries said to secretly collect user data.
  • The apps have reportedly collected IMEI numbers, MAC addresses, and location data.
  • The CEO of the company at the center of the report says his company hasn’t broken any data-collection laws.

Some cheap phones sold in developing countries contain pre-installed apps that secretly collect user data, according to The Wall Street Journal.

The main offender mentioned in the article is an app that sends data to a Taipei-based advertising company called GMobi. The company collects this data in order to target users with ads. The app was reportedly found on smartphones sold by Singapore-based OEM Singtech in Myanmar, Cambodia. The app was also spotted on devices sold in Brazil, India and China.

Upstream Systems, a mobile advertising and marketing firm cited by The Wall Street Journal, said that, in its testing, the GMobi app sent IMEI numbers, MAC addresses, and in some cases location data to servers in Singapore.

According to its website, GMobi serves over 100 OEMs and supports 2,000 Android devices with more than 150 million users. GMobi’s CEO Paul Wu told The Wall Street Journal that OEMs let GMobi install its app on phones so that it can send free software updates to users. He denied that his company violates any data collection laws.

GMobi lists dozens of smartphone makers as partners on its website, including HUAWEI, Xiaomi, and BLU. All three companies denied ever working with GMobi.

These are the 4 best smartphone brands in India
The best

China-based Adups and India-based MoMagic supply similar firmware update services. The CEO of MoMagic said to The Wall Street Journal that all data collection by his company is legal. He admitted that private data collection regulations in India and Bangladesh are weak. Adups was previously found to surreptitiously collect data from BLU devices sold in the U.S.

How companies collect and use user data has been a big issue in recent months, with Facebook’s practices investigated in the U.S., U.K. and the EU. Just earlier this week, controversy erupted around Google’s practice of giving some third-parties access to email content.

While users in the Western world, and the EU in particular, enjoy a modicum of legal protection, people in developing countries are prime targets for data harvesters due to weak privacy protection in many of the countries.